From: Adrian-Ken Rueegsegger
Date: Thu, 8 Nov 2012 10:00:21 +0000 (+0100)
Subject: Add TKM public key implementation
X-Git-Tag: 5.0.3rc1~39^2~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a5c51c44f975add3c939c727187beaada2036ee;p=thirdparty%2Fstrongswan.git
Add TKM public key implementation
The key unconditionally returns TRUE for the verify operation if it is called with a supported signature algorithm. All such verification operations are performed by the TKM (e.g. trustchain or auth octets verification) anyway, so this is safe.
---
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.c b/src/charon-tkm/src/tkm/tkm_public_key.c
new file mode 100644
index 0000000000..d56f652692
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_public_key.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include
+
+#include "tkm_public_key.h"
+
+typedef struct private_tkm_public_key_t private_tkm_public_key_t;
+
+/**
+ * Private data of tkm_public_key_t object.
+ */
+struct private_tkm_public_key_t {
+
+ /**
+ * Public interface for this signer.
+ */
+ tkm_public_key_t public;
+
+ /**
+ * Public modulus.
+ */
+ chunk_t n;
+
+ /**
+ * Public exponent.
+ */
+ chunk_t e;
+
+ /**
+ * Reference count.
+ */
+ refcount_t ref;
+};
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_tkm_public_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_tkm_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
+{
+ return TRUE;
+}
+
+METHOD(public_key_t, encrypt_, bool,
+ private_tkm_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
+{
+ return FALSE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_tkm_public_key_t *this)
+{
+ return 0;
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_tkm_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return NULL;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_tkm_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+ if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+ {
+ return TRUE;
+ }
+ return lib->encoding->encode(lib->encoding, type, this, fp,
+ CRED_PART_RSA_MODULUS, this->n,
+ CRED_PART_RSA_PUB_EXP, this->e,
+ CRED_PART_END);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_tkm_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_tkm_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ chunk_free(&this->n);
+ chunk_free(&this->e);
+ free(this);
+ }
+}
+
+/**
+ * See header.
+ */
+tkm_public_key_t *tkm_public_key_load(key_type_t type, va_list args)
+{
+ private_tkm_public_key_t *this;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!e.ptr || !n.ptr)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ .n = chunk_clone(n),
+ .e = chunk_clone(e),
+ );
+
+ return &this->public;
+}
diff --git a/src/charon-tkm/src/tkm/tkm_public_key.h b/src/charon-tkm/src/tkm/tkm_public_key.h
new file mode 100644
index 0000000000..a469f7524f
--- /dev/null
+++ b/src/charon-tkm/src/tkm/tkm_public_key.h
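Review bot: `verify` returns TRUE without inspecting `scheme`, `data` or `signature`, while the commit message limits the unconditional TRUE to calls made with a supported signature algorithm, so as written a scheme the TKM cannot handle is reported as verified as well. Making the scheme check explicit, with a comment recording that the actual verification happens in the TKM, brings the code in line with the stated contract; the case labels below are examples only and should list exactly the schemes the TKM supports. In the same hunk, `get_encoding` is declared `bool` but returns `NULL` and should return `FALSE`, and `tkm_public_key_load` never checks `type` against `KEY_RSA` although the header documents it as mandatory, so `if (type != KEY_RSA) { return NULL; }` before the argument loop is missing. `get_keysize` returning 0 likewise hides the real modulus size from any caller that enforces a minimum key strength; it could be derived from `this->n`.
```c
METHOD(public_key_t, verify, bool,
	private_tkm_public_key_t *this, signature_scheme_t scheme,
	chunk_t data, chunk_t signature)
{
	/* The signature itself is verified by the TKM (trustchain and auth
	 * octets); only schemes the TKM does not support are rejected here. */
	switch (scheme)
	{
		case SIGN_RSA_EMSA_PKCS1_SHA1:
		case SIGN_RSA_EMSA_PKCS1_SHA256:
			/* example labels: replace with the schemes the TKM actually supports */
			return TRUE;
		default:
			return FALSE;
	}
}
```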
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Adrian-Ken Rueegsegger
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef TKM_PUBLIC_KEY_H_
+#define TKM_PUBLIC_KEY_H_
+
+#include
+
+typedef struct tkm_public_key_t tkm_public_key_t;
+
+/**
+ * TKM public_key_t implementation.
+ */
+struct tkm_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a TKM public key.
+ *
+ * Accepts BUILD_RSA_* components.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+tkm_public_key_t *tkm_public_key_load(key_type_t type, va_list args);
+
+#endif /** TKM_PUBLIC_KEY_H_ @}*/
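Review bot: The closing `#endif /** TKM_PUBLIC_KEY_H_ @}*/` ends a Doxygen group, but nothing in this header opens one; the license comment is not followed by a `@defgroup ... @{` block to pair with it, so the `@}` either closes an unrelated group or is silently ignored. Either add the group block after the license, as the project's other headers appear to do, or drop the `@}` from the `#endif` comment. The `@param type ... must be KEY_RSA` line states a precondition that the declared loader is the only place able to enforce, so it is worth keeping the documentation and the implementation's handling of `type` in step.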